Chest/CTF-site-project
Chest/CTF-site-project
1
1
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: Chest:22cdb19d9802876f096bd5dccbbab9f07fa7a311
Branches Tags
Chest:master
Chest:mobile
...
compare: Chest:fe43dc0497f1c2d588de6bcd3efbe787559730c2
Branches Tags
Chest:master
Chest:mobile

4 Commits
22cdb19d98 ... fe43dc0497

Author SHA1 Message Date
cheeest
fe43dc0497 fix: side nav 2025-04-07 15:44:09 +03:00
cheeest
f585a49b5b feat: osint main page 2025-04-07 12:48:59 +03:00
cheeest
0a70a407e5 feat: forensic main page 2025-04-07 12:48:42 +03:00
cheeest
7c068e0c89 feat: web main page 2025-04-07 12:23:56 +03:00
14 changed files with 174 additions and 28 deletions
Show Stats Expand all files Collapse all files

56
app.py
View File

@ -51,7 +51,7 @@ def osint():
return render_template('osint-main.html') return render_template('osint-main.html')
@app.route("/web/sql-injection", methods=('GET', 'POST')) @app.route("/web/sql-injection", methods=('GET', 'POST'))
def sql(): def websql():
if request.method == 'POST': if request.method == 'POST':
login = request.form['login'] login = request.form['login']
password = request.form['pass'] password = request.form['pass']
@ -64,8 +64,24 @@ def sql():
return redirect(url_for('success_login'), code=302) return redirect(url_for('success_login'), code=302)
return render_template('sql-injection.html') return render_template('sql-injection.html')
@app.route("/forensic/task1-metadata") @app.route("/web/idor")
def task1(): def webidor():
return render_template('idor.html')
@app.route("/web/path-traversal")
def webpt():
return render_template('path-traversal.html')
@app.route("/web/ssti")
def webssti():
return render_template('ssti.html')
@app.route("/web/portswigger-guide")
def webpsguide():
return render_template('portswigger-guide.html')
@app.route("/forensic/metadata")
def fmetadata():
session['task1_id'] = id = hex(getrandbits(45))[2:] session['task1_id'] = id = hex(getrandbits(45))[2:]
session['task1_flag'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}' session['task1_flag'] = flag_task1 = f'C4TchFl4g{{{hex(getrandbits(45))[2:]}}}'
task1_flag(flag_task1, id) task1_flag(flag_task1, id)
@ -79,15 +95,39 @@ def task1():
abort(404) abort(404)
return render_template('task1-metadata.html') return render_template('task1-metadata.html')
@app.route("/found-me/task1") @app.route("/found-me/task1") #TODO
def forensic_task1(): def forensic_task1():
return send_file(f'/tmp/task1/{session['task1_id']}.jpg') return send_file(f'/tmp/task1/{session['task1_id']}.jpg')
@app.route("/decode-me") @app.route("/forensic/base-guide")
def decode(): def fbase():
return render_template('decode.html') return render_template('base.html')
@app.route("/success_login", methods=('GET', 'POST')) @app.route("/forensic/.docx_files")
def fbinwalk():
return render_template('binwalk.html')
@app.route("/forensic/hex")
def fhex():
return render_template('hex.html')
@app.route("/forensic/hash")
def fhash():
return render_template('hash.html')
@app.route("/osint/questions")
def osintquestions():
return render_template('osint-questions.html')
@app.route("/osint/geoguessr")
def osintgeoguessr():
return render_template('osint-geoguessr.html')
@app.route("/osint/really_hard_task")
def osintrht():
return render_template('osint-hardtask.html')
@app.route("/success_login-sqltask", methods=('GET', 'POST'))
def success_login(): def success_login():
flag = session.get('sql_flag') flag = session.get('sql_flag')
if request.method == 'POST': if request.method == 'POST':

19
templates/_forensicsidenav.html Normal file
View File

@ -0,0 +1,19 @@
<div class="navigation capsule-window">
<div class="decore1"></div>
<nav class="navlink">
<a href="{{ url_for('index') }}" class="link">На главную</a>
{%- for link, text in (
('fmetadata', "Метаданные и как их найти"),
('fbinwalk', "Что не так с моим докладом?"),
('fbase', "0K3RgtC+INCx0LDQt9Cw"),
('fhex', "Hex в картинках"),
('fhash', "Зачем Cat нужен hash"),
) %}
{%- if request.path != url_for(link) %}
<a href="{{ url_for(link) }}" class="link">{{ text }}</a>
{%- endif %}
{%- endfor %}
{#- <!-- <a href="">rfi</a>--> #}
{#- <!-- <a href="">lfi</a>--> #}
</nav>
</div>

2
templates/_sidenav.html → templates/_mainsidenav.html
View File

@ -1,7 +1,7 @@
<div class="navigation capsule-window"> <div class="navigation capsule-window">
<div class="decore1"></div> <div class="decore1"></div>
<nav class="navlink"> <nav class="navlink">
<a href="{{ url_for('index') }}" class="link">на главную</a> <a href="{{ url_for('index') }}" class="link">На главную</a>
{%- for link, text in ( {%- for link, text in (
('web', 'Web'), ('web', 'Web'),
('forensic', 'Форензика'), ('forensic', 'Форензика'),

17
templates/_osintsidenav.html Normal file
View File

@ -0,0 +1,17 @@
<div class="navigation capsule-window">
<div class="decore1"></div>
<nav class="navlink">
<a href="{{ url_for('index') }}" class="link">На главную</a>
{%- for link, text in (
('osintquestions', "Чур ответы не гуглить!"),
('osintgeoguessr', "Мастер яндекс-карт"),
('osintrht', "Реально сложный таск"),
) %}
{%- if request.path != url_for(link) %}
<a href="{{ url_for(link) }}" class="link">{{ text }}</a>
{%- endif %}
{%- endfor %}
{#- <!-- <a href="">rfi</a>--> #}
{#- <!-- <a href="">lfi</a>--> #}
</nav>
</div>

2
templates/_task.html
View File

@ -10,7 +10,7 @@
{% block content -%}{% endblock -%} {% block content -%}{% endblock -%}
{% include '_sidenav.html' %}
<img id="help" onclick="showPopup()" src="{{ url_for('static', filename='imgs/icon.png') }}"> <img id="help" onclick="showPopup()" src="{{ url_for('static', filename='imgs/icon.png') }}">
</body> </body>

19
templates/_websidenav.html Normal file
View File

@ -0,0 +1,19 @@
<div class="navigation capsule-window">
<div class="decore1"></div>
<nav class="navlink">
<a href="{{ url_for('index') }}" class="link">На главную</a>
{%- for link, text in (
('websql', "SQL-инъекция"),
('webidor', "Уязвимость IDOR"),
('webpt', "Уязвимость Path Traversal"),
('webssti', "Уязвимость SSTI"),
('webpsguide', "Немного о PortSwigger"),
) %}
{%- if request.path != url_for(link) %}
<a href="{{ url_for(link) }}" class="link">{{ text }}</a>
{%- endif %}
{%- endfor %}
{#- <!-- <a href="">rfi</a>--> #}
{#- <!-- <a href="">lfi</a>--> #}
</nav>
</div>

1
templates/decode.html
View File

@ -1 +0,0 @@
{% extends '_task.html' %}

22
templates/forensic-main.html
View File

@ -1,6 +1,22 @@
<html lang="ru"> <html lang="ru">
{% include '_head.html' %} {% include '_head.html' %}
<body> <body>
{% include '_header.html' %} {% include '_header.html' %}
{% include '_sidenav.html' %} {% include '_mainsidenav.html' %}
<div class="container">
<div class="small info1 capsule-window">
<p class="simpletext">< Задания категории Форензика ></p>
<nav class="navbtn">
{%- for name, descr in (
('fmetadata', "Метаданные и как их найти"),
('fbinwalk', "Что не так с моим докладом?"),
('fbase', "0K3RgtC+INCx0LDQt9Cw"),
('fhex', "Hex в картинках"),
('fhash', "Зачем Cat нужен hash"),
) %}
<a href="{{ url_for(name) }}" class="btn1">{{ descr }}</a>
{%- endfor %}
</div>
<img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}"> <img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}">
</body>
</html>

20
templates/osint-main.html
View File

@ -1,6 +1,20 @@
<html lang="ru"> <html lang="ru">
{% include '_head.html' %} {% include '_head.html' %}
<body> <body>
{% include '_header.html' %} {% include '_header.html' %}
{% include '_sidenav.html' %} {% include '_mainsidenav.html' %}
<div class="container">
<div class="small info1 capsule-window">
<p class="simpletext">< Задания категории OSINT ></p>
<nav class="navbtn">
{%- for name, descr in (
('osintquestions', "Чур ответы не гуглить!"),
('osintgeoguessr', "Профессионал Яндекс-карт"),
('osintrht', "Реально сложный таск"),
) %}
<a href="{{ url_for(name) }}" class="btn1">{{ descr }}</a>
{%- endfor %}
</div>
<img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}"> <img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}">
</body>
</html>

6
templates/osint-questions.html Normal file
View File

@ -0,0 +1,6 @@
{% extends '_task.html' %}
{% include '_osintsidenav.html' %}
{% block content %}
{% endblock %}

3
templates/sql-injection.html
View File

@ -1,5 +1,5 @@
{% extends '_task.html' %} {% extends '_task.html' %}
{% include '_websidenav.html' %}
{% block content %} {% block content %}
<div class="container"> <div class="container">
<div id="popup" class="sql-guide capsule-window"> <div id="popup" class="sql-guide capsule-window">
@ -35,4 +35,3 @@ cursor.execute(f'SELECT * FROM Users WHERE login == "{login}" AND password == "{
{% endif %} {% endif %}
{% endblock %} {% endblock %}
D

0
templates/success.html → templates/success-sql.html
View File

1
templates/task1-metadata.html
View File

@ -1,4 +1,5 @@
{% extends '_task.html' %} {% extends '_task.html' %}
{% include '_forensicsidenav.html' %}
{% block content %} {% block content %}
<div class="container"> <div class="container">
<div class="capsule-window info1"> <div class="capsule-window info1">

22
templates/web-main.html
View File

@ -1,6 +1,22 @@
<html lang="ru"> <html lang="ru">
{% include '_head.html' %} {% include '_head.html' %}
<body> <body>
{% include '_header.html' %} {% include '_header.html' %}
{% include '_sidenav.html' %} {% include '_mainsidenav.html' %}
<div class="container">
<div class="small info1 capsule-window">
<p class="simpletext">< Задания категории Web ></p>
<nav class="navbtn">
{%- for name, descr in (
('websql', "SQL-инъекция"),
('webidor', "Уязвимость IDOR"),
('webpt', "Уязвимость Path Traversal"),
('webssti', "Уязвимость SSTI"),
('webpsguide', "Немного о PortSwigger"),
) %}
<a href="{{ url_for(name) }}" class="btn1">{{ descr }}</a>
{%- endfor %}
</div>
<img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}"> <img id="help" src="{{ url_for('static', filename='imgs/icon.png') }}">
</body>
</html>